[consulting] Hardened PHP?

Khalid B kb at 2bits.com
Mon Jan 15 04:34:14 UTC 2007


The hardened version of PHP does not protect from the most common
problems: SQL injection, Cross Site Scripting (XSS) and arbitrary code
execution.

These problems are present in other languages too, and are not specific
to PHP, but because it is the most used language on the web, there are
lots of programmers that write apps that are prone to these attacks.

On 1/14/07, Evan Leibovitch <evan at telly.org> wrote:
>
> Hi all,
>
> After getting an earful from a programmer friend of how crappy and
> insecure PHP was for a basis of any serious application (Python fan,
> don't ya know), he said that the least I could do is to run my LAMP apps
> under hardened PHP (http://www.hardened-php.net/).
>
> Are others here using Drupal running on PHP with the hardening patch and
> module? Does it break anything? Looking for info on this on d.o doesn't
> turn up much.
>
> Thanks!
>
> - Evan